vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-16 20:40:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
7e8f5ca71b7de1490a0db7f627dbc32a76fdee86
openclaw/docs/cli/daemon.md
Josh Avant a2cb81199e secrets: harden read-only SecretRef command paths and diagnostics (#47794) 
* secrets: harden read-only SecretRef resolution for status and audit

* CLI: add SecretRef degrade-safe regression coverage

* Docs: align SecretRef status and daemon probe semantics

* Security audit: close SecretRef review gaps

* Security audit: preserve source auth SecretRef configuredness

* changelog

Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>

---------

Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
2026-03-15 21:55:24 -05:00

2.1 KiB
Raw Blame History

summary, read_when, title
summary read_when title
CLI reference for `openclaw daemon` (legacy alias for gateway service management)
You still use `openclaw daemon ...` in scripts
You need service lifecycle commands (install/start/stop/restart/status)
daemon

openclaw daemon

Legacy alias for Gateway service management commands.

openclaw daemon ... maps to the same service control surface as openclaw gateway ... service commands.

Usage

openclaw daemon status
openclaw daemon install
openclaw daemon start
openclaw daemon stop
openclaw daemon restart
openclaw daemon uninstall

Subcommands

  • status: show service install state and probe Gateway health
  • install: install service (launchd/systemd/schtasks)
  • uninstall: remove service
  • start: start service
  • stop: stop service
  • restart: restart service

Common options

  • status: --url, --token, --password, --timeout, --no-probe, --require-rpc, --deep, --json
  • install: --port, --runtime <node|bun>, --token, --force, --json
  • lifecycle (uninstall|start|stop|restart): --json

Notes:

  • status resolves configured auth SecretRefs for probe auth when possible.
  • If a required auth SecretRef is unresolved in this command path, daemon status --json reports rpc.authWarning when probe connectivity/auth fails; pass --token/--password explicitly or resolve the secret source first.
  • If the probe succeeds, unresolved auth-ref warnings are suppressed to avoid false positives.
  • On Linux systemd installs, status token-drift checks include both Environment= and EnvironmentFile= unit sources.
  • When token auth requires a token and gateway.auth.token is SecretRef-managed, install validates that the SecretRef is resolvable but does not persist the resolved token into service environment metadata.
  • If token auth requires a token and the configured token SecretRef is unresolved, install fails closed.
  • If both gateway.auth.token and gateway.auth.password are configured and gateway.auth.mode is unset, install is blocked until mode is set explicitly.

Prefer

Use openclaw gateway for current docs and examples.

Reference in New Issue View Git Blame Copy Permalink